Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 551
Alerts This Week
Warning Icon 1 551

SUSE: 2022:1910-1 Important: HDF5 Multiple Fixes and Threats

suse
Calendar Grey June 1, 2022
Dist Suse Esm H88
The latest security patch from SUSE for hdf5 addresses 27 critical vulnerabilities, significantly bolstering system reliability and integrity.
An update that solves 27 vulnerabilities and has three fixes is now available

Summary

This update for hdf5 fixes the following issues: Security issues fixed: - CVE-2020-10811: Fixed heap-based buffer over-read in the function H5O__layout_decode() located in H5Olayout.c (bsc#1167405). - CVE-2020-10810: Fixed NULL pointer dereference in the function H5AC_unpin_entry() located in H5AC.c (bsc#1167401). - CVE-2020-10809: Fixed heap-based buffer overflow in the function Decompress() located in decompress.c (bsc#1167404). - CVE-2018-17438: Fixed SIGFPE signal raise in the function H5D__select_io() of H5Dselect.c (bsc#1109570). - CVE-2018-17437: Fixed memory leak in the H5O_dtype_decode_helper() function in H5Odtype.c. (bsc#1109569). - CVE-2018-17436: Fixed issue in ReadCode() in decompress.c that allowed attackers to cause a denial of service via a crafted HDF5 file (bsc#1109568).

References

#1072087 #1072090 #1072108 #1072111 #1093641

#1093649 #1093653 #1093655 #1093657 #1101471

#1101474 #1101493 #1101495 #1102175 #1109166

#1109167 #1109168 #1109564 #1109565 #1109566

#1109567 #1109568 #1109569 #1109570 #1167401

#1167404 #1167405 #1174439 #1179521 #1196682

Cross- CVE-2017-17505 CVE-2017-17506 CVE-2017-17508

CVE-2017-17509 CVE-2018-11202 CVE-2018-11203

CVE-2018-11204 CVE-2018-11206 CVE-2018-11207

CVE-2018-13869 CVE-2018-13870 CVE-2018-14032

CVE-2018-14033 CVE-2018-14460 CVE-2018-17233

CVE-2018-17234 CVE-2018-17237 CVE-2018-17432

CVE-2018-17433 CVE-2018-17434 CVE-2018-17435

CVE-2018-17436 CVE-2018-17437 CVE-2018-17438

CVE-2020-10809 CVE-2020-10810 CVE-2020-10811

CVSS scores:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:1910-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.